[Signup] Misleading hint for password length.

woocommerce / woocommerce-android

WooCommerce Android app

https://www.woocommerce.com/mobile

GNU General Public License v2.0

276 stars 135 forks source link

[Signup] Misleading hint for password length. #8602

Closed pachlava closed 1 year ago

pachlava commented 1 year ago

Describe the bug The actual minimal password length is 8 characters, but the hint mentions 6:

To Reproduce

Be logged out
Tap "Get started"
Enter an email and a 6-char password and submit ~> the hint will tell that minimal password length is 6 characters.

Expected behavior Hint should mention 8 as min password length.

Mobile Environment

Device: Pixel 7
Android version: 13
WooCommerce Android version: 12.8-rc-1

hafizrahman commented 1 year ago

The actual minimal password length is 8 characters, but the hint mentions 6:

Curious, where did you see this minimal requirement?

If I try signing up to WordPress.com on the web, it says the minimum is six:

With that said, it sure is odd on your screenshot that the app's giving an error for the six-characters password that you entered. It should be accepted, as it is on the web version. This is because the min length is set at 7 in the code

@JorgeMucientes I'm not sure what's the history in this but do you think the value for PASSWORD_MIN_LENGTH should be changed to 6?

JorgeMucientes commented 1 year ago

Good catch @pachlava! I have the same question as @hafizrahman though. Where is the "actual minimal password length is 8" coming from? When attempting to create an account with a password set to less than 6 characters the server error message is the following:

{
  "error": "password_invalid",
  "message": "Error: Password must be at least 6 characters."
}

I'm not sure what's the history in this but do you think the value for PASSWORD_MIN_LENGTH should be changed to 6?

@hafizrahman I think it's a bug in my implementation. I am not sure why I put a 7 there. But, yes we should fix it and set it to 6.

pachlava commented 1 year ago

Curious, where did you see this minimal requirement?

Where is the "actual minimal password length is 8" coming from?

This is my mistake @hafizrahman @JorgeMucientes, sorry. I did not see it as a requirement anywhere, I meant the minimal password length that was actually accepted. And you're right, it's actually 7, I just checked in both initial 12.8-rc-1 and latest 13.3-rc-1. My brain was foggy, probably.